Page 1 of 17 

Title: SUPPORT FOR RDBMS IN AN LDAP SYSTEM 

Applicant: Sanjay P. Ghatare Docket No,: 

Appl. No.: Unknown Atty: 

Filing Date: Herewith Phone: 

Express Mail No.: EV 332 013 295 US 



OBLX-01056US0 
Burt Magen 
(415) 369-9660 



L 



12 



Web 
Browser 



SI 



14 



Web 
Browser 




24 



Resource 



Web 
Server 



t; 



8 



T 



20 



0) 
00 

o 

JO 
0) 

s 



28 





1 CO 




i w 


Web 


1 CO 
ICL 


Server 


, Web 





•38 



DMV 
with two firewalls 



1 



22 



resource 



1 



34 



Access 
Server 



Directory 



36 



Identity 
Server 



UM 



GM 



OM 



Pub 



40 



42 
44 
46 
•48 



FIG. 1 



Page 2 of 17 

Title: SUPPORT FOR RDBMS IN AN LDAP SYSTEM 

Applicant: Sanjay P. Ghatare Docket No.: 

Appl. No.: Unknown Atty: 

Filing Date: Herewith Phone: 

Express Mail No.: EV 332 013 295 US 



OBLX-01056US0 
Burt Magen 
(415) 369-9660 



User's browser 
requests resource 



Request intercepted 
by Web Gate 



50 



52 



FIG. 2 




Log successful 
authentication 



i 



perform 
authentication 
success actions 



Attempt to authorize 




user 


«— 



Web Gate passes 

authentication 
cookie to browser 



60 



Attempt to 
authenticate user 




N 



Log unsuccessful 
authentication 



90 



Authorization 
successful? 



Y 92 



Log successful 
authorization 



94 



perform authorization 
success actions 



-N- 



Log unsuccessful 
authorization 



f 



96 



perform 
authorization 
failure actions and 
deny user access 
to resource 



r 



98 



Grant access to 
resource 



V 



95 



1 



66 



perform 
authentication 
failure actions 
and deny user 
. access to 

resource 



3 of 17 

Title: SUPPORT FOR RDBMS IN AN LDAP SYSTEM 

Applicant: Sanjay P. Ghatare Docket No.: OBLX-01056US0 

Appl. No.: Unknown Atty: Burt Magen 

Filing Date: Herewith Phone: (415)369-9660 

Express Mail No.: EV 332 01 3 295 US 



entity 



230 



FIG. 3 



fCompany\ 
A 



232 



(Company) 
B 



234 



.236 



Org A 



.238 



OrgB 



OrgC 



.240 



OrgD 



.242 



Emp1 ) (Erhp2) (Emp3) (Emp4) (Emp5) (Emp6) (Emp7) (Emp8 J 



250 ^252 ^254 k 256 258 k 260 262 • 264 



-► DN= CN=Emp1 , OU=OrgA, 0=CompanyA, DC=entity 



Legend 

DC = Domain Component 
O = Organization 
OU = Organizational Unit 
CN = Common Name 
DN = Distinguished Name 



Page 4 of 17 

Title: SUPPORT FOR RDBMS IN AN LDAP SYSTEM 

Applicant: Sanjay P. Ghatare Docket No.: OBLX-01056US0 

Appl. No.: Unknown Atty. BurtMagen 

Filing Date: Herewith Phone: (415)369-9660 

Express Mail No.: EV 332 013 295 US 



User Interface 



Business Logic 



•402 
-404 



Data Source Layer Interface 



406 



420 




RDBMS 
Mapping 
Catalog 



Trans 


Mgt. 


LOC 

i 


LOC 


RDB 


t 

RDB 





LOC 

I 


LOC 




LDAP 


t 

LDAP 



LDAP 
Mapping 
Catalog 




DB 




LDAP 


Server 




Server 



•450 



•452 



FIG. 4 



Page 5 of 17 

Title: SUPPORT FOR RDBMS IN AN LDAP SYSTEM 

Applicant: Sanjay P. Ghatare Docket No.: 

Appl. No.: Unknown Atty: 

Filing Date: Herewith Phone: 

Express Mail No.: EV 332 013 295 US 



OBLX-01056US0 
Burt Magen 
(415)369-9660 



determine LOC 



classify attributes 



create mapping catalog 



store mapping catalog 



502 



504 



506 



508 



508 



FIG. 5 



receive data access request 



determine data store(s) 



send request to appropriate translation modules 



translate request based on mapping catalog 



access data source based on translated request 



receive result(s) and translate 



merge results 



return merged results 



600 



602 



604 



606 



610 



612 



614 



616 



FIG. 6 



Page 6 of 17 

Title: SUPPORT FOR RDBMS IN AN LDAP SYSTEM 

Applicant: Sanjay P. Ghatare Docket No.: OBLX-01056US0 

Appl. No.: Unknown , Atty: Burt Magen 

Filing Date: Herewith Phone: (415)369-9660 

Express Mail No. : EV 332 01 3 295 US 



T 

670 




658 




Employee 
V 



650 



660 



Manager 



664 



♦c Department 



652 



666 



FIG. 7 



Employee 
Projects 



654 



668 




656 




Page 7 of 17 

Title: SUPPORT FOR RDBMS IN AN LDAP SYSTEM 

Applicant: Sanjay P. Ghatare Docket No.: OBLX-01056US0 

Appl. No.: Unknown Atty: BurtMagen 

Filing Date: Herewith Phone: (41 5) 369-9660 

Express Mail No.: EV 332 013 295 US 



access attributes and filter (w/attributes) 
from Request 



702 



FIG. 9 



map attributes 



704 



translate each sub filter into a SELECT 
statement 



706 



combine SELECT statements for sub 
filters 



708 



get primary key values for master table 



710 



for each primary key value, get requested 
attributes 



712 




Page 8 of 17 

Title: SUPPORT FOR RDBMS IN AN LDAP SYSTEM 

Applicant: Sanjay P. Ghatare Docket No.: 

Appl. No.: Unknown Atty: 

Filing Date: Herewith Phone: 

Express Mail No.: EV 332 013 295 US 



OBLX-01056US0 
Burt Magen 
(415) 369-9660 



build expression tree of nodes 



access root node 



combination process 



800 



802 



804 



FIG. 10 



access node 



840 



FIG. 11 



842 




yes 



no 







r 


844—- 


simple node combine process 



848 




yes 



no 







r 


850—- 


NOT type combine process 




858 AND 



1 


OR 

860 






r 


OR type combine process 


862 — 


AND type combine process " 



Page 9 of 17 

Title: SUPPORT FOR RDBMS IN AN LDAP SYSTEM 

Applicant: Sanjay P. Ghatare Docket No.: 

Appl. No.: Unknown Atty: 

Filing Date: Herewith Phone: 

Express Mail No.: EV 332 013 295 US 



OBLX-01056US0 
Burt Magen 
(415) 369-9660 



FIG. 12 



determine the attribute 
mapping class for the attribute 
in the simple expression 



900 



convert operand value (for 
operands other than exists, =*) 
to SQL equivalent, (substitution 
of ■*' with '%' in the operand 
string and single quote the 
string data type values) 



902 



Get the filter SQL statement for 
binary operator and substitute 
operator equivalent and 
operand value 



904 



FIG. 13 



sql_child_node = Generate 
SQL statement for the child 
node by recursively calling 
combination process 




r 


Get master_table_name and 
master_table_primary_key_col 
umnjiame for the object class. 




r 



NotSQLStmt = "SELECT" + 
master_table_name + "." + 
m a ste r_ta b I e__p ri m a ry_p ri m a ry 
_key_column_name + "FROM" 

+ master_table_name + 
"WHERE" + masterjable + V* 
+ 

master_table_primary_key_col 
umnjiame + "NOT IN (" + 
sql_child_node + ")" 



return the SQL statement 



906 



return NotSQLStmt 



Page 10 of 17 

Title: SUPPORT FOR RDBMS IN AN LDAP SYSTEM 

Applicant: Sanjay P. Ghatare Docket No.: OBLX-01056US0 

Appl. No.: Unknown Atty: Burt Magen 

Filing Date: Herewith . Phone: (415)369-9660 

Express Mail No. : EV 332 01 3 295 US 



FIG. 14 



generate SQL statement for each child 

node by recursively calling 
combination process. Store the SQL 
equivalent statements in 
sql_child_nodes_list 



•1002 



FIG. 1 5 



1 


r 


Get master_Jable_name and 
master_table_primary__key_column_na 
me for the object class 




k 

r 



generate SQL statement for each 
child node by recursively calling 
combination process. Store the 
SQL equivalent statements in 
sql_child_nodes_list 



For SQL Server: 
AndSQLStmt = "SELECT" + 
ma.ster_table_name + "." + ( 
master_table_primary_key_colun_nam 
e + "FROM" + master_table_name + 

"WHERE" + master+table + "." + 
master_table_primary_key_column_na 
me + " IN (" + sql_child_nodes[0] + ") 

AND" + ... + masterjable + "." + 
master_table_primary_key_column_na 
me + " IN (" + sql_child_nodes[n] + ")" 



1040 



OrSQLStmt = "(" + 
sql_child_nodes[0] + ") UNION (" 
+ sql_child_nodes[1] + ") UNION 
(" = ... + sql_child_nopdestn] + ")" 



1006 



1042 



return OrSQLStmt 



1044 



For Oracle," DB2 and Informix: 
AndSQLStmt = "(" + sql_child_nodes[0] 

+ ") INTERSECT (" + 
sql_child_nodes[1] + ") INTERSECT (" 

= ... + sql_child_nopdes[n] + ")" 



•1008 





r 


return AndSQLStmt 



1010 



Page 11 of 17 

Title: SUPPORT FOR RDBMS IN AN LDAP SYSTEM 

Applicant:' Sanjay P. Ghatare Docket No.: 

Appl. No.: Unknown Atty: 

Filing Date: Herewith Phone: 

Express Mail No.: EV 332 013 295 US 



OBLX-01056US0 
Burt Magen 
(415) 369-9660 



FIG. 16 



generate primary key value if database 
does not autogenerate 



create SVAL entries for class B attributes 



get key values for class C attributes 



INSERT operations for A, B & C attributes 



get primary key value if assigned by database 



get primary key values from mapped-table for class D 



update mapped-column value for class D 



insert attributes for class E 



get key values for class F and insert new data 



update master table for class G 



get key values for class H and update the master table 



rollback if any failures; otherwise, commit transaction 



Page 12 of 17 

Title: SUPPORT FOR RDBMS IN AN LDAP SYSTEM 

Applicant: Sanjay P. Ghatare Docket No.:- OBLX-01056US0 

Appl. No.: Unknown Atty BurtMagen 

Filing Date: Herewith Phone: (415) 369-9660 

Express Mail No.: EV 332 01 3 295 US 



FIG. 17 



get primary key value, if not provided 




r 


for class H attributes, set master-link-column to null 




r 


for class G attributes, set master-link-column to null 




r 


for class F attributes, values no longer needed are 
removed from master linked column table 




r 


for class E attributes, values.are removed from linking table 
for values being deleted from master table 




r 


for class D attributes, delete rows from mapped table 




f 


delete row in master table 




f 


rollback if any failures; otherwise, commit transaction 



Page 13 of 17 

Title: SUPPORT FOR RDBMS IN AN LDAP SYSTEM 

Applicant: Sanjay P. Ghatare Docket No.: 

Appl. No.: Unknown Atty: 

Filing Date: Herewith Phone: 

Express Mail No.: EV 332 013 295 US 



OBLX-01056US0 
Burt Magen 
(415) 369-9660 



FIG. 18 



get primary key value, if not provided 



update class B attributes based on SVAL 




r 


get new value(s) for class C attributes and update 


■ \ 


f 


update mapped table for class D attributes 




r 


for class E attributes, delete old Evalues and pkvalue from 
mapped-column-table and insert new Evalues and pkvalue 
in mapped-column-table 




r 


for class F attributes, get the key values for the updated 
attribute, delete the old key values from the master-linked- 
column table and insert new key values and pkvalue to the 
master-linked-column table 




r 


for class G attributes, update the master-link-column of 
master table to set null for deleted gvalues and set the 
master-link-column to pkvalue for the added gvalues. 




r • 



for class H attributes, get the deleted Hkeyvalues and 
added Hkeyvalues, update the master table to set 
masterjink-column to null for deleted Hkeyvalue and set 
the master-link-column to pkvalue for the added 
Hkeyvalues. 





r 


rollback if any failures; otherwise, commit transaction 



Page 14 of 17 

Title: SUPPORT FOR RDBMS IN AN LDAP SYSTEM 

Applicant: Sanjay P. Ghatare Docket No.: OBLX-01056US0 

Appl. No.: Unknown Atty: Burt Magen 

Filing Date: Herewith Phone: (415)369-9660 

Express Mail No.: EV 332 013 295 US 



FIG. 19 



receive access request 



get partition expression 



1402 



1404 



evaluate partition expression against 
access request 



1408 



1406 



no 



satisfied? ^^^^ 




y6S 1410 

T ^ 


create filter for data store 






v 1412 


provide filter to Translation Module 








■ i 


< — ■ 

L 1414 



more partition expressions? 




Page 15 of 17 

Title: ' SUPPORT FOR RDBMS IN AN LDAP SYSTEM 

Applicant: Sanjay P. Ghatare Docket No.: 

Appl. No.: Unknown Atty: 

Filing Date: Herewith Phone: 

Express Mail No.: EV 332 01 3 295 US 

i 



OBLX-01056US0 
Burt Magen 
(415)369-9660 



FIG. 20 



create filter expression tree (FT) 



1440 



create partition expression tree (PT) 



1442 



access mapped attributes (MA) 



1444 



call partition function P(FT, PT, MA) 



1446 



NOT 



FIG. 21 




country 



department 



sales 



Page 16 of 17 

Title: SUPPORT FOR RDBMS IN AN LDAP SYSTEM 

Applicant: Sanjay P. Ghatare Docket No.: OBLX-O1056US0 

Appl. No.: Unknown Atty: Burt Magen 

Filing Datef Herewith Phone: (415)369-9660 

Express Mail No.: EV 332 01 3 295 US 



FIG. 22 



FT simple, 
PT composite 



1480 




FT composite 



149 



recursively call partition 
function for each child 
filter 



combine results from 
child filters 

^1498 



call partition function 

with reversed 
parameters P(FT, PT, 
MA) 



FT & PT simple 



1482 



attribute not 
mapped? 



not mapped 





f 


mark FT as invalid 



mapped 



1484 



.1486 




different 



1492 



same 



1 


1488 


mark FT as true 



If overlap, mark FT 

as true. If no 
overlap, mark as 
false 



1490 



Page 17 of 17 

Title: SUPPORT FOR RDBMS IN AN LDAP SYSTEM 

Applicant: Sanjay P. Ghatare Docket No.: 

Appl. No.: Unknown Atty: 

Filing Date: Herewith Phone: 

Express Mail No.: EV 332 013 295 US 



OBLX-01056US0 
Burt Magen 
(415) 369-9660 



FIG. 23 



.1530 







no 


1538, 




mark node 


as true 



1540 



mark node 
as invalid 





no 


i 


r 


mark node 


as false 



1578 



.1550 



yes 





r 




mark node 


~1 


as true 





no 




yes 



mark node 
as invalid 



1558 



i 


r 




mark node 




as false 



1556 



